CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 18 hours ago•27 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.6AI score0.02204EPSS

Exploits1References4

EUVD•added yesterday•6 views

EUVD-2026-37140

LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading...

6.8CVSS5.9AI score0.00232EPSS

NVD•added 2 days ago•7 views

CVE-2026-54069

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...

9.2CVSS0.00607EPSS

Cvelist•added 2 days ago•14 views

CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist

9.2CVSS0.00607EPSS

NVD•added 2 days ago•6 views

CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS0.00293EPSS

Cvelist•added 2 days ago•30 views

CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation

9.3CVSS0.00293EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-38740

9.3CVSS6AI score0.00293EPSS

NVD•added 2 days ago•8 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS0.00264EPSS

EUVD•added 2 days ago•11 views

EUVD-2026-38731

7.9CVSS5.9AI score0.00264EPSS

CVE•added 2 days ago•11 views

CVE-2026-10745

CVE-2026-10745 affects upKeeper Solutions a.k.a. upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...

7.9CVSS5.9AI score0.00264EPSS

Cvelist•added 2 days ago•32 views

CVE-2026-10745

7.9CVSS0.00264EPSS

Github Security Blog•added 3 days ago•6 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00286EPSS

Exploits0References6Affected Software2

CVE•added 3 days ago•17 views

CVE-2026-45792

Vulnerability summary (CVE-2026-45792) RTK (Rust Token Killer) prior to 0.32.0 trusts project-local configuration by auto-loading the highest-priority .rtk/filters.toml without user notification. An attacker with repository access can place a malicious filter to modify shell command output before...

6.9CVSS5.9AI score0.00085EPSS

RedHat Linux•added 3 days ago•6 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.9AI score0.01176EPSS

EUVD•added 3 days ago•5 views

EUVD-2026-38428

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS5.9AI score0.00292EPSS

CVE•added 3 days ago•8 views

CVE-2026-56225

Capgo before 12.128.2 has an authorization bypass in public API key management handlers (get/put/delete/post). Keys created with mode=all but limited_to_apps are not checked against limited_to_apps, only limited_to_orgs, allowing an app-scoped key to enumerate, update, and delete sibling API keys...

8.7CVSS5.9AI score0.00292EPSS

RedHat Linux•added 3 days ago•4 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00251EPSS

Exploits0References5

RedHat Linux•added 4 days ago•9 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS5.9AI score0.01176EPSS

OSV•added 4 days ago•3 views

DEBIAN-CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00176EPSS